SANS ISC InfoSec Forums

An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 4899 and our dshield data confirms an uptick. Port 4899 is the default port for the Radmin tool, which is a windows-based computer remote-control package. According to his data, the scans are mostly originating from Spanish-speaking South American countries. We don't have confirmation that the attackers are looking for Radmin, so if you have some packet captures please upload them and we can take a look.